Wordfence Intelligence Weekly WordPress Vulnerability Report (November 4, 2024 to November 10, 2024)

🦸 💥 Calling all superheroes and hunters! Introducing the End of Year Holiday Extravaganza and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through December 9th, 2024:

• All in-scope vulnerability types for WordPress plugins/themes with >= 1,000 active installations are in-scope for ALL researchers
• All plugins and themes with 50-999 active installs hosted in the WordPress.org repository and updated within the last 2 years are in-scope for all researchers!
• Minimum bounty of $5 for all valid in-scope submissions.
• All researchers earn automatic bonuses of between 5% to 180% for valid submissions
• Pending report limits are increased for all
• It’s possible to earn up to $31,200 for high impact vulnerabilities!

Last week, there were 286 vulnerabilities disclosed in 273 WordPress Plugins and 5 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 43 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 20,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:

• Advanced Order Export For WooCommerce <= 3.5.5 – Unauthenticated PHP Object Injection via Order Details
• WAF-RULE-760 – Data redacted while we work with the vendor on a patch.
• WAF-RULE-761 – Data redacted while we work with the vendor on a patch.
• WAF-RULE-762 – Data redacted while we work with the vendor on a patch.
• WAF-RULE-764 – Data redacted while we work with the vendor on a patch.

Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.

Total Unpatched & Patched Vulnerabilities Last Week

Total Vulnerabilities by CVSS Severity Last Week

Total Vulnerabilities by CWE Type Last Week

Researchers That Contributed to WordPress Security Last Week

Researcher Name	Number of Vulnerabilities
SOPROBRO	123
João Pedro Soares de Alcântara	32
Gab	21
Francesco Carlucci	17
Tonn	8
stealthcopter	6
Peter Thaleikis	6
LVT-tholv2k	6
Mika	6
wesley (wcraft)	5
Zlrqh	4
vgo0	4
István Márton	4
thiennv	3
Ankit Patel	3
Arkadiusz Hydzik	3
shaman0x01	3
Le Ngoc Anh	2
Akbar Kustirama	2
Bob Matyas	2
Joshua Chan	2
tmrswrr	2
Webbernaut	2
Sean Murphy	2
Kevin Murphy (knmurphy)	2
Colin Xu	1
Max Boll (_b0lli)	1
Foxyyy	1
Rafshanzani Suhada	1
incognito	1
Junwoo Kang	1
Tieu Pham Trong Nhan	1
Chinmoy Pratim Borah	1
floerer	1
theviper17y	1
Zaidan Rizaki	1
Michael	1
Khalid Yusuf	1
zer0gh0st	1
mikemyers	1
ghsinfosec	1
Lucio Sá	1
Robert DeVore	1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.

WordPress Plugins with Reported Vulnerabilities Last Week

WordPress Themes with Reported Vulnerabilities Last Week

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

WP JobSearch <= 2.6.7 - Unauthenticated Arbitrary File Upload

10.0

CVSS Rating
Critical (10.0)

CVE-ID
CVE-2024-8615

Patch Status
Patched

Published
Nov 5, 2024

Affected Software
JobSearch WP Job Board

Researcher

Tonn

More Details >

mFolio Lite <= 1.2.1 - Missing Authorization to Authenticated (Author+) File Upload via EXE and SVG Files

9.9

CVSS Rating
Critical (9.9)

CVE-ID
CVE-2024-9307

Patch Status
Unpatched

Published
Nov 5, 2024

Affected Software
mFolio Lite

Researcher

Francesco Carlucci

More Details >

WP JobSearch <= 2.6.7 - Authenticated (Subscriber+) Arbitrary File Upload

9.9

CVSS Rating
Critical (9.9)

CVE-ID
CVE-2024-8614

Patch Status
Patched

Published
Nov 5, 2024

Affected Software
JobSearch WP Job Board

Researcher

Tonn

More Details >

Category Ajax Filter <= 2.8.2 - Unauthenticated Local File Inclusion

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-10871

Patch Status
Patched

Published
Nov 8, 2024

Affected Software
Category Ajax Filter

Researcher

Le Ngoc Anh

More Details >

CE21 Suite <= 2.2.0 - Authentication Bypass

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-10284

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
CE21 Suite

Researcher

István Márton

More Details >

CE21 Suite <= 2.2.0 - JWT Token Disclosure

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-10285

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
CE21 Suite

Researcher

István Márton

More Details >

Computer Repair Shop <= 3.8115 - Unauthenticated Arbitrary File Upload

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-51793

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
CRM WordPress Plugin – RepairBuddy

Researcher

stealthcopter

More Details >

Debug Tool <= 2.2 - Unauthenticated Arbitrary File Creation

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-10586

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Debug Tool

Researcher

Francesco Carlucci

More Details >

Forms <= 2.8.0 - Unauthenticated Arbitrary File Upload

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-51791

Patch Status
Patched

Published
Nov 8, 2024

Affected Software
Forms

Researcher

stealthcopter

More Details >

HB AUDIO GALLERY <= 3.0 - Unauthenticated Arbitrary File Upload

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-51790

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
HB AUDIO GALLERY

Researcher

stealthcopter

More Details >

Image Classify <= 1.0.0 - Unauthenticated Arbitrary File Upload

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-51789

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Image Classify

Researcher

stealthcopter

More Details >

Leopard <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-10589

Patch Status
Patched

Published
Nov 8, 2024

Affected Software
Leopard - WordPress Offload Media

Researcher

Tonn

More Details >

Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons <= 24.0.3 - Unauthenticated SQL Injection

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-10687

Patch Status
Patched

Published
Nov 4, 2024

Affected Software
Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons

Researcher

shaman0x01

More Details >

RegistrationMagic – User Registration Plugin with Custom Registration Forms <= 6.0.2.6 - Unauthenticated Privilege Escalation via Password Recovery

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-10508

Patch Status
Patched

Published
Nov 8, 2024

Affected Software
RegistrationMagic – User Registration Plugin with Custom Registration Forms

Researcher

shaman0x01

More Details >

The Novel Design Store Directory <= 4.3.0 - Unauthenticated Arbitrary File Upload

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-51788

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
The Novel Design Store Directory

Researcher

stealthcopter

More Details >

WooCommerce Support Ticket System <= 17.7 - Unauthenticated Arbitrary File Deletion

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-10625

Patch Status
Patched

Published
Nov 8, 2024

Affected Software
WooCommerce Support Ticket System

Researcher

Tonn

More Details >

WooCommerce Support Ticket System <= 17.7 - Unauthenticated Arbitrary File Upload

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-10627

Patch Status
Patched

Published
Nov 8, 2024

Affected Software
WooCommerce Support Ticket System

Researcher

Tonn

More Details >

WordPress User Extra Fields <= 16.5 - Unauthenticated Arbitrary File Upload

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-10801

Patch Status
Patched

Published
Nov 8, 2024

Affected Software
WordPress User Extra Fields

Researcher

Tonn

More Details >

WP Membership <= 1.6.2 - Unauthenticated Arbitrary File Upload

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-10547

Patch Status
Patched

Published
Nov 8, 2024

Affected Software
WP Membership

Researcher

Tonn

More Details >

WPLMS Learning Management System for WordPress <= 4.962 - Unauthenticated Arbitrary File Read and Deletion

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-10470

Patch Status
Patched

Published
Nov 8, 2024

Affected Software
WPLMS Learning Management System for WordPress, WordPress LMS

Researcher

Foxyyy

More Details >

Th Shop Mania <= 1.4.9 - Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-10674

Patch Status
Patched

Published
Nov 8, 2024

Affected Software
Th Shop Mania

Researchers

Sean Murphy

Kevin Murphy (knmurphy)

More Details >

Top Store <= 1.5.4 - Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-10673

Patch Status
Patched

Published
Nov 8, 2024

Affected Software
Top Store

Researchers

Sean Murphy

Kevin Murphy (knmurphy)

More Details >

WooCommerce Report <= 1.5.1 - Cross-Site Request Forgery to Arbitrary Options Update

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-10711

Patch Status
Patched

Published
Nov 4, 2024

Affected Software
WooCommerce Report

Researcher

vgo0

More Details >

WooCommerce Support Ticket System <= 17.7 - Authenticated (Subscriber+) Arbitrary File Deletion

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-10626

Patch Status
Patched

Published
Nov 8, 2024

Affected Software
WooCommerce Support Ticket System

Researcher

Tonn

More Details >

Heateor Social Login WordPress <= 1.1.35 - Authentication Bypass

8.1

CVSS Rating
High (8.1)

CVE-ID
CVE-2024-10020

Patch Status
Patched

Published
Nov 5, 2024

Affected Software
Heateor Social Login WordPress

Researcher

wesley (wcraft)

More Details >

Loginizer Security and Loginizer <= 1.9.2 - Authentication Bypass

8.1

CVSS Rating
High (8.1)

CVE-ID
CVE-2024-10097

Patch Status
Patched

Published
Nov 4, 2024

Affected Software
Loginizer Security
Loginizer

Researcher

wesley (wcraft)

More Details >

Social Login - WordPress / WooCommerce Plugin <= 2.7.7 - Authentication Bypass

8.1

CVSS Rating
High (8.1)

CVE-ID
CVE-2024-10114

Patch Status
Patched

Published
Nov 4, 2024

Affected Software
WooCommerce - Social Login

Researcher

wesley (wcraft)

More Details >

Social Share, Social Login and Social Comments Plugin – Super Socializer <= 7.13.68 - Authentication Bypass

8.1

CVSS Rating
High (8.1)

CVE-ID
CVE-2024-9946

Patch Status
Patched

Published
Nov 5, 2024

Affected Software
Social Share, Social Login and Social Comments Plugin – Super Socializer

Researcher

wesley (wcraft)

More Details >

Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin <= 2.2.13 - Sensitive Invormation Disclosure via procstat Log

7.5

CVSS Rating
High (7.5)

CVE-ID
CVE-2024-10028

Patch Status
Patched

Published
Nov 5, 2024

Affected Software
Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin

Researcher

floerer

More Details >

YaDisk Files <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

7.4

CVSS Rating
High (7.4)

CVE-ID
CVE-2024-10709

Patch Status
Unpatched

Published
Nov 4, 2024

Affected Software
YaDisk Files

Researcher

Bob Matyas

More Details >

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.13.0 - Unauthenticated Arbitrary Shortcode Execution

7.3

CVSS Rating
High (7.3)

CVE-ID
CVE-2024-10261

Patch Status
Patched

Published
Nov 8, 2024

Affected Software
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction

Researcher

Arkadiusz Hydzik

More Details >

The FOX – Currency Switcher Professional for WooCommerce <= 1.4.2.2 - Unauthenticated Arbitrary Shortcode Execution

7.3

CVSS Rating
High (7.3)

CVE-ID
CVE-2024-10640

Patch Status
Patched

Published
Nov 8, 2024

Affected Software
FOX – Currency Switcher Professional for WooCommerce

Researcher

mikemyers

More Details >

Tickera – WordPress Event Ticketing <= 3.5.4.4 - Unauthenticated Arbitrary Shortcode Execution

7.3

CVSS Rating
High (7.3)

CVE-ID
CVE-2024-10263

Patch Status
Patched

Published
Nov 4, 2024

Affected Software
Tickera – WordPress Event Ticketing

Researcher

Arkadiusz Hydzik

More Details >

WP Photo Album Plus <= 8.8.08.007 - Unauthenticated Arbitrary Shortcode Execution via getshortcodedrenderedfenodelay

7.3

CVSS Rating
High (7.3)

CVE-ID
CVE-2024-10958

Patch Status
Patched

Published
Nov 10, 2024

Affected Software
WP Photo Album Plus

Researcher

Arkadiusz Hydzik

More Details >

CE21 Suite <= 2.2.0 - Missing Authorization to Unauthenticated Plugin Settings Change

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2024-10294

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
CE21 Suite

Researcher

István Márton

More Details >

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2024-9657

Patch Status
Patched

Published
Nov 4, 2024

Affected Software
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)

Researcher

Webbernaut

More Details >

Gboy Custom Google Map <= 1.2 - Authenticated (Contributor+) SQL Injection

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2024-51882

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Gboy Custom Google Map

Researcher

LVT-tholv2k

More Details >

Horsemanager <= 1.3 - Authenticated (Contributor+) SQL Injection

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2024-51843

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Horsemanager

Researcher

LVT-tholv2k

More Details >

L Squared Hub WP <= 1.0 - Authenticated (Contributor+) SQL Injection

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2024-51820

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
L Squared Hub WP – Virtual Device Plugin

Researcher

LVT-tholv2k

More Details >

Share Buttons – Social Media <= 1.0.2 - Authenticated (Contributor+) SQL Injection

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2024-51845

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Share Buttons – Social Media

Researcher

LVT-tholv2k

More Details >

User Meta – User Profile Builder and User management plugin <= 3.1 - Insecure Direct Object Reference to Sensitive Information Exposure

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2024-9262

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
User Meta – User Profile Builder and User management plugin

Researcher

wesley (wcraft)

More Details >

WP Contest <= 1.0.0 - Authenticated (Contributor+) SQL Injection

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2024-51837

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
WP Contest

Researcher

LVT-tholv2k

More Details >

AA Audio Player <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-52348

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
AA Audio Player

Researcher

SOPROBRO

More Details >

AchillesTheme-shortcodes <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51878

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
AchillesTheme-shortcodes

Researcher

Gab

More Details >

Active Products Tables for WooCommerce. Use constructor to create tables <= 1.0.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via woot_button Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-10168

Patch Status
Patched

Published
Nov 5, 2024

Affected Software
Active Products Tables for WooCommerce. Use constructor to create tables 

Researcher

Peter Thaleikis

More Details >

Add Ribbon Shortcode <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51823

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Add Ribbon Shortcode

Researcher

SOPROBRO

More Details >

Advanced Video Player with Analytics <= 1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51824

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Advanced Video Player with Analytics

Researcher

SOPROBRO

More Details >

Adventure Bucket List <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51908

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Adventure Bucket List

Researcher

SOPROBRO

More Details >

AgendaPress – Easily Publish Meeting Agendas and Programs on WordPress <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51807

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
AgendaPress – Easily Publish Meeting Agendas and Programs on WordPress

Researcher

SOPROBRO

More Details >

Alert Me! <= 0.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51825

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Alert Me!

Researcher

SOPROBRO

More Details >

Anant Addons for Elementor <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51813

Patch Status
Patched

Published
Nov 8, 2024

Affected Software
Anant Addons for Elementor

Researcher

Gab

More Details >

Assist24 Help Desk <= 20150401.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51910

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Assist24 Help Desk

Researcher

SOPROBRO

More Details >

audioCase <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51909

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
audioCase

Researcher

SOPROBRO

More Details >

Awesome Fitness Testimonials <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51806

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Awesome Fitness Testimonials

Researcher

SOPROBRO

More Details >

Awesome Tool Tip <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-52349

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Awesome Tool Tip

Researcher

SOPROBRO

More Details >

AzonBox <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51931

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
AzonBox

Researcher

SOPROBRO

More Details >

Bamboo Enquiries <= 1.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51859

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Bamboo Enquiries

Researcher

SOPROBRO

More Details >

Banner System <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51816

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Banner System

Researcher

ghsinfosec

More Details >

Basticom Framework <= 1.5.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-9443

Patch Status
Patched

Published
Nov 4, 2024

Affected Software
Basticom Framework

Researcher

Francesco Carlucci

More Details >

Be Shortcodes <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51881

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Be Shortcodes

Researcher

SOPROBRO

More Details >

Beacon For Help Scout <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51828

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Beacon For Help Scout

Researcher

SOPROBRO

More Details >

BeBetter Social Icons <= 2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51880

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
BeBetter Social Icons

Researcher

SOPROBRO

More Details >

best bootstrap widgets for elementor <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51851

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
best bootstrap widgets for elementor

Researcher

Gab

More Details >

Bg Patriarchia BU <= 2.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51799

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Bg Patriarchia BU

Researcher

SOPROBRO

More Details >

Bitcoin Payments <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51826

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Bitcoin Payments

Researcher

SOPROBRO

More Details >

Blocks Post Grid <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51928

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Blocks Post Grid

Researcher

Gab

More Details >

Boombox Shortcode <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51827

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Boombox Shortcode Plugin

Researcher

SOPROBRO

More Details >

Brand my Footer <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51801

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Brand my Footer

Researcher

SOPROBRO

More Details >

Bread & Butter <= 7.4.857 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51802

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Lead capture, gated content & newsletter opt-ins

Researcher

SOPROBRO

More Details >

Browsing History <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51885

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Browsing History

Researcher

SOPROBRO

More Details >

BU Slideshow <= 2.3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-52351

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
BU Slideshow

Researcher

SOPROBRO

More Details >

Charity Addon for Elementor <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51938

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Charity Addon for Elementor

Researcher

Michael

More Details >

Christian Science Bible Lesson Subjects <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-52353

Patch Status
Patched

Published
Nov 8, 2024

Affected Software
Christian Science Bible Lesson Subjects

Researcher

SOPROBRO

More Details >

Code Embed <= 2.5 - Authenticated (Contributor+) Server-Side Request Forgery

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-10814

Patch Status
Patched

Published
Nov 8, 2024

Affected Software
Code Embed

Researcher

Max Boll (_b0lli)

More Details >

codeSnips <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51808

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
codeSnips

Researcher

SOPROBRO

More Details >

Community Yard Sale <= 1.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51846

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Community Yard Sale

Researcher

SOPROBRO

More Details >

Cookie Nonsense for YT <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51933

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Cookie Nonsense for YT

Researcher

SOPROBRO

More Details >

Cowidgets – Elementor Addons <= 1.2.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-8960

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Cowidgets – Elementor Addons

Researcher

Francesco Carlucci

More Details >

Creative Blocks <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51822

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Creative Blocks – Ultimate Blocks for Gutenberg

Researcher

Gab

More Details >

CRM 2go <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-52350

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
CRM 2go – Formulario de contacto

Researcher

SOPROBRO

More Details >

Custom Dashboard Widget <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51860

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Custom Dashboard Widget

Researcher

SOPROBRO

More Details >

Custom URL Shortener <= 0.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51930

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Custom URL Shortener

Researcher

SOPROBRO

More Details >

drop in image slideshow gallery <= 12.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51914

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
drop in image slideshow gallery

Researcher

Zlrqh

More Details >

DuoGeek Blocks 0.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51868

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
DuoGeek – Gutenberg Blocks

Researcher

Gab

More Details >

Dynamic Post Grid Elementor Addon <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51852

Patch Status
Patched

Published
Nov 8, 2024

Affected Software
Dynamic Post Grid Elementor Addon

Researcher

Gab

More Details >

Easy Social Sharebar <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51833

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Easy Social Sharebar

Researcher

SOPROBRO

More Details >

Easy SVG Support <= 3.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-10269

Patch Status
Patched

Published
Nov 7, 2024

Affected Software
Easy SVG Support

Researcher

Francesco Carlucci

More Details >

Ekiline Block Collection <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51934

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Ekiline Block Collection

Researcher

SOPROBRO

More Details >

Elementor Header & Footer Builder <= 1.6.45 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-10325

Patch Status
Patched

Published
Nov 7, 2024

Affected Software
Elementor Header & Footer Builder

Researcher

Francesco Carlucci

More Details >

ElementsReady Addons for Elementor <= 6.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51787

Patch Status
Patched

Published
Nov 4, 2024

Affected Software
ElementsReady Addons for Elementor

Researcher

João Pedro Soares de Alcântara

More Details >

Embed documents shortcode <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51904

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Embed documents shortcode

Researcher

SOPROBRO

More Details >

ESB Testimonials <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51936

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
ESB Testimonials

Researcher

SOPROBRO

More Details >

Event Post <= 5.9.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via events_cal Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-10186

Patch Status
Patched

Published
Nov 5, 2024

Affected Software
Event post

Researcher

Peter Thaleikis

More Details >

EventPress <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51861

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
EventPress

Researcher

SOPROBRO

More Details >

Faltu Testimonial Rotator <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51853

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Faltu Testimonial Rotator

Researcher

SOPROBRO

More Details >

Fancy User List <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51889

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Fancy User List

Researcher

SOPROBRO

More Details >

Fast Video and Image Display <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51935

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Fast Video and Image Display

Researcher

SOPROBRO

More Details >

Featured product by category name <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51911

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Featured product by category name

Researcher

SOPROBRO

More Details >

File Select Control For Elementor <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51841

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
File Select Control For Elementor

Researcher

Gab

More Details >

Geoportail Shortcode <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51890

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Geoportail Shortcode

Researcher

SOPROBRO

More Details >

Google Visualization Charts <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51862

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Google Visualization Charts

Researcher

SOPROBRO

More Details >

GreenCon <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51926

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
GreenCon – Table, Listing, Marketing builder for Gutenberg

Researcher

Gab

More Details >

Gutenium Blocks <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51869

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Gutenium Blocks

Researcher

Gab

More Details >

Hola Free Video Player <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51854

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Hola Free Video Player

Researcher

SOPROBRO

More Details >

I Plant A Tree <= 1.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51883

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
I Plant A Tree

Researcher

SOPROBRO

More Details >

IA Map Analytics Basic <= 20170413 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51937

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
IA Map Analytics Basic

Researcher

SOPROBRO

More Details >

Icon Widget <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51929

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Icon Widget

Researcher

Gab

More Details >

Image Carousel Shortcode <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51842

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Image Carousel Shortcode

Researcher

Gab

More Details >

Inline Click To Tweet <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51803

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Inline Click To Tweet

Researcher

SOPROBRO

More Details >

IntelliWidget Elements <= 2.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51912

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
IntelliWidget Elements

Researcher

SOPROBRO

More Details >

Keymaster Chord Notation Free <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51809

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Keymaster Chord Notation Free

Researcher

SOPROBRO

More Details >

Kings Tab Slider <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51932

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Kings Tab Slider

Researcher

SOPROBRO

More Details >

Lenxel Core for Lenxel(LNX) LMS <= 1.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-9270

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Lenxel Core for Lenxel(LNX) LMS

Researcher

Francesco Carlucci

More Details >

Lewe Bootstrap Visuals <= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51810

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Lewe Bootstrap Visuals

Researcher

SOPROBRO

More Details >

LIQUID BLOCKS <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-52357

Patch Status
Patched

Published
Nov 8, 2024

Affected Software
LIQUID BLOCKS – Slider, Carousel, Accordion

Researcher

João Pedro Soares de Alcântara

More Details >

Location Click Map <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51844

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Location Click Map

Researcher

LVT-tholv2k

More Details >

Luzuk Slider <= 0.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51834

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Luzuk Slider

Researcher

SOPROBRO

More Details >

Luzuk Team <= 0.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51871

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Luzuk Team

Researcher

SOPROBRO

More Details >

Luzuk Testimonials <= 0.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51872

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Luzuk Testimonials

Researcher

SOPROBRO

More Details >

Mage Front End Forms <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-52339

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Mage Front End Forms

Researcher

SOPROBRO

More Details >

Magic Slider <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51896

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Magic Slider

Researcher

SOPROBRO

More Details >

Map Store Locator <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51920

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Map Store Locator

Researcher

SOPROBRO

More Details >

Mapme <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51913

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Mapme

Researcher

SOPROBRO

More Details >

MapPress Maps for WordPress <= 2.94.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Map Block

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-10715

Patch Status
Patched

Published
Nov 5, 2024

Affected Software
MapPress Maps for WordPress

Researcher

Akbar Kustirama

More Details >

MDC YouTube Downloader <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51875

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
MDC YouTube Downloader

Researcher

SOPROBRO

More Details >

Minical Hotel Booking Plugin <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51895

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Minical Hotel Booking Plugin

Researcher

SOPROBRO

More Details >

Mobile Kiosk <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51829

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Mobile Kiosk

Researcher

SOPROBRO

More Details >

Moka Get Posts Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51804

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Moka Get Posts Shortcode

Researcher

SOPROBRO

More Details >

Moose Elementor Kit <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51856

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Moose Elementor Kit

Researcher

Gab

More Details >

Multi-day Booking Calendar <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51873

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Multi-day Booking Calendar

Researcher

SOPROBRO

More Details >

Multifox Plus <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51916

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Multifox Plus

Researcher

SOPROBRO

More Details >

Multiple Votes in one page <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51917

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Multiple Votes in one page

Researcher

SOPROBRO

More Details >

My Restaurant Menu <= 0.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51849

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
My Restaurant Menu

Researcher

SOPROBRO

More Details >

myCred <= 2.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via mycred_link Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-10187

Patch Status
Patched

Published
Nov 7, 2024

Affected Software
myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification

Researcher

Peter Thaleikis

More Details >

News Articles <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51897

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
News Articles

Researcher

SOPROBRO

More Details >

News Ticker <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51830

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
News Ticker

Researcher

SOPROBRO

More Details >

NV Slider <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51887

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
NV Slider

Researcher

SOPROBRO

More Details >

Official SalesWizard CRM Plugin <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51891

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Official SalesWizard CRM Plugin

Researcher

SOPROBRO

More Details >

Olympus Shortcodes <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51857

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Olympus Shortcodes

Researcher

SOPROBRO

More Details >

OpenCart Product Display <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51835

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
OpenCart Product Display

Researcher

SOPROBRO

More Details >

OS BXSlider <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-52342

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
OS BXSlider

Researcher

SOPROBRO

More Details >

OS Our Team <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-52341

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
OS Our Team

Researcher

SOPROBRO

More Details >

OS Pricing Tables <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-52343

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
OS Pricing Tables

Researcher

SOPROBRO

More Details >

OSM – OpenStreetMap <= 6.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-52355

Patch Status
Patched

Published
Nov 8, 2024

Affected Software
OSM – OpenStreetMap

Researcher

Junwoo Kang

More Details >

Parallaxer <= 1.00 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51848

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Parallaxer – Parallax Effect on Content

Researcher

SOPROBRO

More Details >

ParOne Feeds <= 1.17.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51874

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
ParOne Feeds

Researcher

SOPROBRO

More Details >

Pay With Stripe <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51918

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Pay With Stripe – Your WordPress Payments Stripe Gateway

Researcher

SOPROBRO

More Details >

Pdf Embedder Fay <= 1.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51795

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Pdf Embedder Fay

Researcher

SOPROBRO

More Details >

pdf.js < 2.0.943 - Authenticated (Author+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2018-5158

Patch Status
Patched

Published
Nov 8, 2024

Affected Software
Algori PDF Viewer

Researcher

Colin Xu

More Details >

Persian Nested Show/Hide Text <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51831

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Persian Nested Show/Hide Text

Researcher

SOPROBRO

More Details >

PF Timer <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51863

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
PF Timer

Researcher

SOPROBRO

More Details >

Photographer Connections <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-52340

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Photographer Connections

Researcher

SOPROBRO

More Details >

Plenigo <= 1.12.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51832

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Plenigo

Researcher

SOPROBRO

More Details >

Popup Image <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51811

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Popup Image

Researcher

SOPROBRO

More Details >

Postcasa Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-52352

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Postcasa Shortcode

Researcher

SOPROBRO

More Details >

Postify: Post Layout For Elementor <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51893

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Postify: Post Layout For Elementor

Researcher

Gab

More Details >

Posts Filter <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51886

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Posts Filter

Researcher

SOPROBRO

More Details >

Posts Search <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51884

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Posts Search

Researcher

SOPROBRO

More Details >

Pricing Tables WordPress Plugin – Easy Pricing Tables <= 3.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via fontFamily Attribute

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-8323

Patch Status
Patched

Published
Nov 5, 2024

Affected Software
Pricing Tables WordPress Plugin – Easy Pricing Tables

Researcher

Francesco Carlucci

More Details >

Prime Slider - Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider <= 3.15.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via Blog Widget

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-8442

Patch Status
Patched

Published
Nov 6, 2024

Affected Software
Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)

Researcher

Robert DeVore

More Details >

Pro Addons For Elementor <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51812

Patch Status
Patched

Published
Nov 8, 2024

Affected Software
Pro Addons For Elementor

Researcher

Gab

More Details >

Provide Forex Signals <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-52344

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Provide Forex Signals

Researcher

SOPROBRO

More Details >

Pull This <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51838

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Pull This

Researcher

SOPROBRO

More Details >

ra_qrcode <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-52345

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
ra_qrcode

Researcher

SOPROBRO

More Details >

Realty by BestWebSoft <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51786

Patch Status
Patched

Published
Nov 4, 2024

Affected Software
Realty by BestWebSoft

Researcher

SOPROBRO

More Details >

Redirecter <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51855

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Redirecter

Researcher

SOPROBRO

More Details >

Responsive Addons for Elementor <= 1.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-52358

Patch Status
Patched

Published
Nov 8, 2024

Affected Software
Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates

Researcher

Khalid Yusuf

More Details >

Rig Elements For Elementor <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51927

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Rig Elements For Elementor

Researcher

Gab

More Details >

RSV 360 View <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51906

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
RSV 360 View

Researcher

SOPROBRO

More Details >

RSV PDF Preview <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51905

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
RSV PDF Preview

Researcher

SOPROBRO

More Details >

scrollup <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51921

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
scrollup

Researcher

SOPROBRO

More Details >

Sell Media File with Stripe <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51892

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Sell Media File with Stripe

Researcher

SOPROBRO

More Details >

Semantic Shortcode <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51898

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Semantic Shortcode

Researcher

SOPROBRO

More Details >

Shortcode Collection <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51864

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Shortcode Collection

Researcher

SOPROBRO

More Details >

Shortcodes Blocks Creator Ultimate <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-10340

Patch Status
Patched

Published
Nov 4, 2024

Affected Software
Shortcodes Blocks Creator Ultimate

Researcher

István Márton

More Details >

Simple Shortcode for Google Maps <= 1.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-10621

Patch Status
Patched

Published
Nov 7, 2024

Affected Software
Simple Shortcode for Google Maps

Researcher

Akbar Kustirama

More Details >

Simple Social Share Block <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51865

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Simple Social Share Block

Researcher

SOPROBRO

More Details >

SimpleGMaps <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-52346

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
SimpleGMaps

Researcher

SOPROBRO

More Details >

Simpul Events by Esotech <= 1.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51867

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Simpul Events by Esotech

Researcher

SOPROBRO

More Details >

Smooth Maps <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51901

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Smooth Maps

Researcher

SOPROBRO

More Details >

Social button <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51866

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Social button

Researcher

SOPROBRO

More Details >

Social Locker <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51858

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Social Locker – Increase Traffic

Researcher

SOPROBRO

More Details >

Storely <= 14.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51794

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Storely

Researcher

stealthcopter

More Details >

Stylish Internal Links <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51939

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Stylish Internal Links

Researcher

Zlrqh

More Details >

Surbma | Font Awesome <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51798

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Surbma | Font Awesome

Researcher

SOPROBRO

More Details >

SV Forms <= 2.0.05 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51877

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
SV Forms

Researcher

Joshua Chan

More Details >

Testimonial Slider Shortcode <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51925

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Testimonial Slider Shortcode

Researcher

Gab

More Details >

Text Advertisements <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51879

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Text Advertisements

Researcher

SOPROBRO

More Details >

The Pack Elementor addons <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-52356

Patch Status
Patched

Published
Nov 8, 2024

Affected Software
The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library)

Researcher

João Pedro Soares de Alcântara

More Details >

Tigris Flexplatform <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51819

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Tigris Flexplatform

Researcher

Joshua Chan

More Details >

TinyCode <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51902

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
TinyCode

Researcher

SOPROBRO

More Details >

Topbar ID for Elementor <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51894

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Topbar ID for Elementor

Researcher

Gab

More Details >

Trendy Restaurant Menu <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51796

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Trendy Restaurant Menu – Best Restaurant Plugin for WordPress

Researcher

SOPROBRO

More Details >

Ultimate Accordion <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51797

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Ultimate Accordion

Researcher

SOPROBRO

More Details >

Ultimate Flipbox Addon for Elementor 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51870

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Ultimate Flipbox Addon for Elementor

Researcher

Gab

More Details >

Utech Spinning Earth <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51839

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Utech Spinning Earth

Researcher

SOPROBRO

More Details >

VP Sitemap <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51922

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
VP Sitemap

Researcher

SOPROBRO

More Details >

Wd-image-magnifier-xoss <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51840

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Wd-image-magnifier-xoss

Researcher

SOPROBRO

More Details >

WE – Client Logo Carousel <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51821

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
WE – Client Logo Carousel

Researcher

SOPROBRO

More Details >

Web Stories Widgets For Elementor <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-52354

Patch Status
Patched

Published
Nov 8, 2024

Affected Software
Web Stories Widgets For Elementor

Researcher

theviper17y

More Details >

Websand Subscription Form <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51923

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Websand Subscription Form

Researcher

SOPROBRO

More Details >

Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-52347

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera

Researcher

SOPROBRO

More Details >

Wezido <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51836

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Wezido – Elementor Addon Based on Easy Digital Downloads

Researcher

Gab

More Details >

WoW Guild Armory Roster <= 0.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51850

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
WoW Guild Armory Roster

Researcher

SOPROBRO

More Details >

WP Agenda <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51924

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
WP Agenda

Researcher

SOPROBRO

More Details >

WP Listings Pro <= 3.0.14 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51903

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
WP Listings Pro

Researcher

SOPROBRO

More Details >

WP PagSeguro Payments <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51847

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
WP PagSeguro Payments

Researcher

SOPROBRO

More Details >

WP Responsive Video <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51940

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
WP Responsive Video

Researcher

Zlrqh

More Details >

WP Virtual Room Configurator <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51907

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
WP Virtual Room Configurator

Researcher

SOPROBRO

More Details >

wp_automatic_widget <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51876

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
wp_automatic_widget

Researcher

Gab

More Details >

XT Floating Cart for WooCommerce <= 2.8.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-9178

Patch Status
Patched

Published
Nov 4, 2024

Affected Software
XT Floating Cart for WooCommerce

Researcher

Francesco Carlucci

More Details >

yPHPlista <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51805

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
yPHPlista

Researcher

SOPROBRO

More Details >

活动链接推广插件 <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-51814

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
活动链接推广插件

Researcher

SOPROBRO

More Details >

Admin Amplify <= 1.3.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51691

Patch Status
Unpatched

Published
Nov 4, 2024

Affected Software
Admin Amplify

Researcher

João Pedro Soares de Alcântara

More Details >

Ajax Content Filter <= 1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51717

Patch Status
Unpatched

Published
Nov 4, 2024

Affected Software
Ajax Content Filter

Researcher

thiennv

More Details >

Bing Search API Integration <= 0.3.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51692

Patch Status
Unpatched

Published
Nov 4, 2024

Affected Software
Bing Search API Integration

Researcher

João Pedro Soares de Alcântara

More Details >

Buooy Sticky Header <= 0.5.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51699

Patch Status
Unpatched

Published
Nov 4, 2024

Affected Software
Buooy Sticky Header

Researcher

João Pedro Soares de Alcântara

More Details >

CF7 WOW Styler <= 1.6.8 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51689

Patch Status
Unpatched

Published
Nov 4, 2024

Affected Software
Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler

Researcher

Le Ngoc Anh

More Details >

Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-10876

Patch Status
Patched

Published
Nov 8, 2024

Affected Software
Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More

Researcher

Peter Thaleikis

More Details >

Contact Form 7 - PayPal & Stripe Add-on <= 2.3.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-10683

Patch Status
Patched

Published
Nov 8, 2024

Affected Software
Contact Form 7 – PayPal & Stripe Add-on

Researcher

Peter Thaleikis

More Details >

Content Syndication Toolkit Reader <= 1.5 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51696

Patch Status
Unpatched

Published
Nov 4, 2024

Affected Software
Content Syndication Toolkit Reader

Researcher

João Pedro Soares de Alcântara

More Details >

Conversion Helper <= 1.12 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-10676

Patch Status
Unpatched

Published
Nov 4, 2024

Affected Software
Conversion Helper

Researcher

João Pedro Soares de Alcântara

More Details >

Daily Image <= 1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51776

Patch Status
Unpatched

Published
Nov 4, 2024

Affected Software
Daily Image

Researcher

João Pedro Soares de Alcântara

More Details >

Dashing Memberships <= 1.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51760

Patch Status
Unpatched

Published
Nov 4, 2024

Affected Software
Dashing Memberships

Researcher

Mika

More Details >

Don't Break The Code <= .3.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51779

Patch Status
Unpatched

Published
Nov 4, 2024

Affected Software
Don't Break The Code

Researcher

João Pedro Soares de Alcântara

More Details >

Doofinder <= 0.5.4 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51697

Patch Status
Unpatched

Published
Nov 4, 2024

Affected Software
Doofinder

Researcher

João Pedro Soares de Alcântara

More Details >

eewee admin custom <= 1.8.2.4 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51780

Patch Status
Unpatched

Published
Nov 4, 2024

Affected Software
eewee admin custom

Researcher

João Pedro Soares de Alcântara

More Details >

Fabrica Synced Pattern Instances <= 1.0.8 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51695

Patch Status
Unpatched

Published
Nov 4, 2024

Affected Software
Fabrica Synced Pattern Instances

Researcher

João Pedro Soares de Alcântara

More Details >

Firework Shoppable Live Video <= 6.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51781

Patch Status
Unpatched

Published
Nov 4, 2024

Affected Software
Firework Shoppable Live Video

Researcher

João Pedro Soares de Alcântara

More Details >

Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.30 - Reflected Cross-Site Scripting via add_query_arg Parameter

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-10265

Patch Status
Patched

Published
Nov 10, 2024

Affected Software
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder

Researcher

vgo0

More Details >

Forms: 3rd-Party Post Again <= 0.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51783

Patch Status
Unpatched

Published
Nov 4, 2024

Affected Software
Forms: 3rd-Party Post Again

Researcher

João Pedro Soares de Alcântara

More Details >

FriendStore for WooCommerce <= 1.4.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51784

Patch Status
Unpatched

Published
Nov 4, 2024

Affected Software
FriendStore for WooCommerce

Researcher

João Pedro Soares de Alcântara

More Details >

Geotagged Media <= 0.3.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51694

Patch Status
Unpatched

Published
Nov 4, 2024

Affected Software
Geotagged Media

Researcher

João Pedro Soares de Alcântara

More Details >

HQ60 Fidelity Card <= 1.8 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51713

Patch Status
Unpatched

Published
Nov 4, 2024

Affected Software
HQ60 Fidelity Card

Researcher

SOPROBRO

More Details >

imPress <= 0.1.4 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51704

Patch Status
Unpatched

Published
Nov 4, 2024

Affected Software
imPress

Researcher

João Pedro Soares de Alcântara

More Details >

Jigoshop – Store Toolkit <= 1.4.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51712

Patch Status
Unpatched

Published
Nov 4, 2024

Affected Software
Jigoshop – Store Toolkit

Researcher

Zlrqh

More Details >

Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages <= 1.7.6 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-9226

Patch Status
Patched

Published
Nov 8, 2024

Affected Software
Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages

Researcher

vgo0

More Details >

Loginplus <= 1.2 - Unauthenticated Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51782

Patch Status
Unpatched

Published
Nov 4, 2024

Affected Software
Loginplus

Researcher

Mika

More Details >

Master Bar <= 1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51698

Patch Status
Unpatched

Published
Nov 4, 2024

Affected Software
Master Bar

Researcher

João Pedro Soares de Alcântara

More Details >

MG Post Contributors <= 1.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51701

Patch Status
Unpatched

Published
Nov 4, 2024

Affected Software
MG Post Contributors

Researcher

João Pedro Soares de Alcântara

More Details >

Narnoo Commerce Manager <= 1.6.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51708

Patch Status
Unpatched

Published
Nov 4, 2024

Affected Software
Narnoo Commerce Manager

Researcher

João Pedro Soares de Alcântara

More Details >

PropertyShift <= 1.0.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51762

Patch Status
Unpatched

Published
Nov 4, 2024

Affected Software
PropertyShift

Researcher

Mika

More Details >

Responsive Data Table <= 1.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51710

Patch Status
Unpatched

Published
Nov 4, 2024

Affected Software
Responsive Data Table

Researcher

João Pedro Soares de Alcântara

More Details >

Saragna <= 1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51711

Patch Status
Unpatched

Published
Nov 4, 2024

Affected Software
Saragna – Social Stream WordPress

Researcher

João Pedro Soares de Alcântara

More Details >

Satisfaction Reports from Help Scout <= 2.0.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51778

Patch Status
Unpatched

Published
Nov 4, 2024

Affected Software
Satisfaction Reports from Help Scout

Researcher

thiennv

More Details >

Search order by product SKU for WooCommerce <= 0.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51693

Patch Status
Unpatched

Published
Nov 4, 2024

Affected Software
Search order by product SKU for WooCommerce

Researcher

thiennv

More Details >

Seriously Simple Podcasting <= 3.5.0 - Reflected Cross-Site Scripting via add_query_arg Parameter

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-9667

Patch Status
Patched

Published
Nov 4, 2024

Affected Software
Seriously Simple Podcasting

Researcher

Webbernaut

More Details >

Simple Modal <= 0.3.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51718

Patch Status
Unpatched

Published
Nov 4, 2024

Affected Software
Simple Modal

Researcher

João Pedro Soares de Alcântara

More Details >

Simplistic SEO <= 2.3.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51719

Patch Status
Unpatched

Published
Nov 4, 2024

Affected Software
Simplistic SEO

Researcher

João Pedro Soares de Alcântara

More Details >

SrcSet Responsive Images for WordPress <= 1.4 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51702

Patch Status
Unpatched

Published
Nov 4, 2024

Affected Software
SrcSet Responsive Images for WordPress

Researcher

João Pedro Soares de Alcântara

More Details >

SVT Simple <= 1.0.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51759

Patch Status
Unpatched

Published
Nov 4, 2024

Affected Software
SVT Simple

Researcher

João Pedro Soares de Alcântara

More Details >

SysBasics Customize My Account for WooCommerce <= 2.7.29 - Reflected Cross-Site Scripting via tab Parameter

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-10837

Patch Status
Patched

Published
Nov 9, 2024

Affected Software
SysBasics Customize My Account for WooCommerce

Researcher

vgo0

More Details >

Team Showcase and Slider – Team Members Builder <= 1.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51763

Patch Status
Unpatched

Published
Nov 4, 2024

Affected Software
Team Showcase and Slider – Team Members Builder

Researcher

Mika

More Details >

TeleAdmin <= 1.0.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51709

Patch Status
Unpatched

Published
Nov 4, 2024

Affected Software
TeleAdmin

Researcher

SOPROBRO

More Details >

Twitter real time search scrolling <= 7.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51716

Patch Status
Unpatched

Published
Nov 4, 2024

Affected Software
Twitter real time search scrolling

Researcher

SOPROBRO

More Details >

User Password Reset <= 1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51714

Patch Status
Unpatched

Published
Nov 4, 2024

Affected Software
User Password Reset

Researcher

SOPROBRO

More Details >

UW Freelancer <= 0.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51706

Patch Status
Unpatched

Published
Nov 4, 2024

Affected Software
UW Freelancer

Researcher

João Pedro Soares de Alcântara

More Details >

WP MMenu Lite <= 1.0.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51705

Patch Status
Unpatched

Published
Nov 4, 2024

Affected Software
WP MMenu Lite

Researcher

João Pedro Soares de Alcântara

More Details >

Wp Slide Categorywise <= 1.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51690

Patch Status
Unpatched

Published
Nov 4, 2024

Affected Software
Wp Slide Categorywise

Researcher

João Pedro Soares de Alcântara

More Details >

WP Visual Adverts <= 2.3.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51707

Patch Status
Unpatched

Published
Nov 4, 2024

Affected Software
WP Visual Adverts

Researcher

João Pedro Soares de Alcântara

More Details >

WP-Basics <= 2.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51703

Patch Status
Unpatched

Published
Nov 4, 2024

Affected Software
WP-Basics

Researcher

João Pedro Soares de Alcântara

More Details >

WPHelpful <= 1.2.4 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-51761

Patch Status
Unpatched

Published
Nov 4, 2024

Affected Software
WPHelpful

Researcher

Mika

More Details >

WS Form LITE – Drag & Drop Contact Form Builder for WordPress <= 1.9.244 - Reflected Cross-Site Scripting via URL

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-10647

Patch Status
Patched

Published
Nov 5, 2024

Affected Software
WS Form LITE – Drag & Drop Contact Form Builder for WordPress

Researcher

Peter Thaleikis

More Details >

Anih - Creative Agency WordPress Theme <= 2024 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVSS Rating
Medium (5.5)

CVE-ID
CVE-2024-9775

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Anih - Creative Agency WordPress Theme

Researcher

Chinmoy Pratim Borah

More Details >

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.2 - Authenticated (Contributor+ Stored Cross-Site Scripting via Open Map Widget

5.4

CVSS Rating
Medium (5.4)

CVE-ID
CVE-2024-9867

Patch Status
Patched

Published
Nov 4, 2024

Affected Software
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)

Researcher

zer0gh0st

More Details >

Cowidgets – Elementor Addons <= 1.2.0 - Authenticated (Contributor+) Post Disclosure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-10779

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Cowidgets – Elementor Addons

Researcher

Francesco Carlucci

More Details >

EleForms – All In One Form Integration including DB for Elementor <= 2.9.9.9 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-6626

Patch Status
Unpatched

Published
Nov 5, 2024

Affected Software
EleForms – All In One Form Integration including DB for Elementor

Researcher

Lucio Sá

More Details >

Quform - WordPress Form Builder <= 2.20.0 - Unauthenticated Sensitive Information Exposure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-8756

Patch Status
Patched

Published
Nov 8, 2024

Affected Software
Quform - WordPress Form Builder

Researcher

shaman0x01

More Details >

Video Gallery for WooCommerce <= 1.31 - Missing Authorization to Unauthenticated Limited File Deletion

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-10535

Patch Status
Patched

Published
Nov 5, 2024

Affected Software
Video Gallery for WooCommerce

Researcher

incognito

More Details >

WordPress Poll Maker Plugin <= 5.4.6 - Authenticated (Administrator+) Time-Based SQL Injection

4.9

CVSS Rating
Medium (4.9)

CVE-ID
CVE-2024-9874

Patch Status
Patched

Published
Nov 8, 2024

Affected Software
Poll Maker – Versus Polls, Anonymous Polls, Image Polls

Researcher

tmrswrr

More Details >

Responsive Filterable Portfolio <= 1.0.22 - Server-Side Request Forgery

4.7

CVSS Rating
Medium (4.7)

CVE-ID
CVE-2024-51785

Patch Status
Patched

Published
Nov 4, 2024

Affected Software
Responsive Filterable Portfolio

Researcher

Zaidan Rizaki

More Details >

Photo Gallery by 10Web <= 1.8.30 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-9878

Patch Status
Patched

Published
Nov 4, 2024

Affected Software
Photo Gallery by 10Web – Mobile-Friendly Image Gallery

Researcher

tmrswrr

More Details >

YaDisk Files <= 1.2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-10710

Patch Status
Unpatched

Published
Nov 4, 2024

Affected Software
YaDisk Files

Researcher

Bob Matyas

More Details >

140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.6 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Template

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-10319

Patch Status
Patched

Published
Nov 4, 2024

Affected Software
140+ Widgets | Xpro Addons For Elementor – FREE

Researcher

Ankit Patel

More Details >

Attesa Extra <= 1.4.2 - Authenticated (Contributor+) Post Disclosure

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-10688

Patch Status
Patched

Published
Nov 8, 2024

Affected Software
Attesa Extra

Researcher

Francesco Carlucci

More Details >

Combo WP Rewrite Slugs <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Settings Change

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-51817

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Combo WP Rewrite Slugs

Researcher

Mika

More Details >

Contact Form 7 – Dynamic Text Extension <= 4.5 - Information Disclosure via Shortcode

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-10084

Patch Status
Patched

Published
Nov 5, 2024

Affected Software
Contact Form 7 – Dynamic Text Extension

Researcher

Francesco Carlucci

More Details >

Content Slider Block – Create fully functional slider with Gutenberg block <= 3.1.5 - Authenticated (Contributor+) Post Disclosure

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-10667

Patch Status
Patched

Published
Nov 8, 2024

Affected Software
Content Slider Block

Researcher

Francesco Carlucci

More Details >

Countdown Timer block – Display the event's date into a timer. <= 1.2.4 - Authenticated (Contributor+) Post Disclosure

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-10669

Patch Status
Patched

Published
Nov 8, 2024

Affected Software
Countdown Timer block – Display the event's date into a timer.

Researcher

Francesco Carlucci

More Details >

Debug Tool <= 2.2 - Missing Authorization to Information Exposure

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-10588

Patch Status
Unpatched

Published
Nov 8, 2024

Affected Software
Debug Tool

Researcher

Francesco Carlucci

More Details >

Envo Extra <= 1.9.3 - Authenticated (Contributor+) Post Disclosure

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-10770

Patch Status
Patched

Published
Nov 8, 2024

Affected Software
Envo Extra

Researcher

Francesco Carlucci

More Details >

Magical Addons For Elementor <= 1.2.4 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Template

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-10352

Patch Status
Patched

Published
Nov 8, 2024

Affected Software
Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )

Researcher

Ankit Patel

More Details >

SKT Addons for Elementor <= 3.3 - Authenticated (Contributor+) Post Disclosure

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-10693

Patch Status
Patched

Published
Nov 8, 2024

Affected Software
SKT Addons for Elementor

Researcher

Francesco Carlucci

More Details >

Tumult Hype Animations <= 1.9.14 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-10543

Patch Status
Patched

Published
Nov 5, 2024

Affected Software
Tumult Hype Animations

Researcher

Tieu Pham Trong Nhan

More Details >

Ultimate Bootstrap Elements for Elementor <= 1.4.6 - Authenticated (Contributor+) Sensitive Information Exposure

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-10329

Patch Status
Patched

Published
Nov 4, 2024

Affected Software
Ultimate Bootstrap Elements for Elementor

Researcher

Ankit Patel

More Details >

Zotpress <= 7.3.12 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-7429

Patch Status
Patched

Published
Nov 4, 2024

Affected Software
Zotpress

Researcher

Rafshanzani Suhada

More Details >